removing debugfs

Kees Cook kees at ubuntu.com
Mon Jan 24 22:13:48 UTC 2011


Hi,

I have yet another unpopular request: I want to remove debugfs completely
from the built kernels. Upstream continues to put dangerous things in it,
and I want to avoid the problems completely.

I think any userspace tools that need debugfs should be adjusted to use
other non-debug interfaces. If debugfs is really intended only for
debugging, it should stay unavailable. And I don't mean unmounted; I want
to make sure it's not compiled in at all.

Of the most concern is the /sys/kernel/debug/acpi/custom_method interface.
While recently fixed for non-root users, it still basically allows
arbitrary memory writing[1]. This is a total bypass for the /dev/mem
and /dev/kmem restrictions that are used to help protect against
kernel rootkits.

I think we should identify everything that is using debugfs, open bugs
for that stuff so it can be fixed before release, and then remove debugfs
from the kernel.

Thoughts?

-Kees

[1] http://jon.oberheide.org/files/american-sign-language.c

-- 
Kees Cook
Ubuntu Security Team
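
The message distinguishes between debugfs being merely unmounted and not being compiled in at all; the shell function below tells those states apart on a given system. It is an added example, not part of the original post: the name `debugfs_state`, its output labels and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; sample inputs are constructed.
# debugfs_state CONFIG FILESYSTEMS MOUNTS [ROOT] prints one of:
#   absent                          not built into the kernel
#   compiled-unmounted              built in; root can still mount it
#   mounted:<path>[+custom_method]  mounted; flag if acpi/custom_method exists
debugfs_state() {
    config=$1; filesystems=$2; mounts=$3; root=${4:-}
    built=no
    # Build config: "CONFIG_DEBUG_FS=y" when enabled.
    if [ -r "$config" ] && grep -q '^CONFIG_DEBUG_FS=y$' "$config"; then
        built=yes
    fi
    # /proc/filesystems: optional "nodev", then the filesystem type name.
    if [ -r "$filesystems" ] &&
       awk '$NF == "debugfs" { f = 1 } END { exit !f }' "$filesystems"; then
        built=yes
    fi
    # /proc/mounts: device mountpoint fstype options dump pass
    point=$(awk '$3 == "debugfs" { print $2; exit }' "$mounts" 2>/dev/null || true)
    if [ -n "$point" ]; then
        flag=
        if [ -e "$root$point/acpi/custom_method" ]; then flag=+custom_method; fi
        echo "mounted:$point$flag"
    elif [ "$built" = yes ]; then
        echo "compiled-unmounted"
    else
        echo "absent"
    fi
}

# Constructed sample inputs standing in for a kernel config, /proc/filesystems,
# /proc/mounts and a filesystem root, so the example runs offline.
tmp=$(mktemp -d)
printf '# CONFIG_DEBUG_FS is not set\n' > "$tmp/config.off"
printf 'CONFIG_DEBUG_FS=y\n' > "$tmp/config.on"
printf 'nodev\tsysfs\nnodev\tproc\n' > "$tmp/fs.off"
printf 'nodev\tsysfs\nnodev\tdebugfs\n' > "$tmp/fs.on"
printf 'sysfs /sys sysfs rw 0 0\n' > "$tmp/mounts.off"
printf 'none /sys/kernel/debug debugfs rw 0 0\n' > "$tmp/mounts.on"
mkdir -p "$tmp/root/sys/kernel/debug/acpi"
: > "$tmp/root/sys/kernel/debug/acpi/custom_method"

debugfs_state "$tmp/config.off" "$tmp/fs.off" "$tmp/mounts.off"
debugfs_state "$tmp/config.on" "$tmp/fs.on" "$tmp/mounts.off"
debugfs_state "$tmp/config.on" "$tmp/fs.on" "$tmp/mounts.on" "$tmp/root"
rm -rf "$tmp"
```

On a live system the same function can be pointed at the real files, for example `debugfs_state /boot/config-$(uname -r) /proc/filesystems /proc/mounts`.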



